[3091] in WWW Security List Archive


Re: cops Report

daemon@ATHENA.MIT.EDU (Steff Watkins)
Thu Sep 26 13:59:57 1996

From: Steff Watkins <Steff.Watkins@Bristol.ac.uk>
To: www-security@ns2.rutgers.edu
Date: Thu, 26 Sep 1996 16:51:47 +0100 (BST)
In-Reply-To: <Pine.LNX.3.91.960926131917.12228A-100000@main.apis.de> from "Myrddin" at Sep 26, 96 01:25:56 pm
Errors-To: owner-www-security@ns2.rutgers.edu

Myrddin wrote:
=>
=>Hello !
=>
=>I just ran cops on my Linux 2.0.0 and it reported
=>
=>Warning!  NFS file system  exported with no restrictions!
=>Warning!  NFS file system  exported with no restrictions!
=>Warning!  NFS file system  exported with no restrictions!
=>Warning!  NFS file system  exported with no restrictions!
=>
=>I am not yet really into Linux, and I wonder if that is really a security 
=>leak and how to solve it ?

Hello Michael,

 yes, potentially this is a security problem.

A resource that is NFS shared without restrictions is available to anyone
who has the NFS software suite to mount and use your disks in the same way
as they would use their own.

So, they could write to and read ANY data from the disks, with all the
inherent problems that can generate.

One of the things to do is to SHARE the devices so that they are only
accessible by certain, trusted hosts.

A command such as

  share -F nfs -o rw=trusted1.host.com:trusted2.host.com /somepath

In this way, the file area '/somepath' is available for NFS mounting by
trusted1 and trusted2 with read/write access.

Ok, this doesn't circumvent problems such as IP spoofing and such like,
but it does make it a little harder for the malicious to get at your
valuable resources.

Steff

: Steff Watkins, General Computer-type being
: University of Bristol, Clifton, Bristol, AVON, BS8 1TH, UK
:
: RFC-822 : Steff.Watkins@bris.ac.uk
: X-400   : /G=Steff/S=Watkins/O=Bristol/PRMD=UK.AC/ADMD= /C=GB/   
: Phone: +44 177 287869 (external)   3046 / 7869    (internal)  
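
The check behind the warning above, as an added example that is not part of the original message and is not COPS's own code: it scans export entries for ones open to any host. It assumes the Linux `/etc/exports` syntax from exports(5) rather than the `share` syntax shown in the reply, and the paths and hosts in the sample are constructed.

```python
import re

# Constructed sample in Linux exports(5) syntax; hosts and paths are made up.
SAMPLE_EXPORTS = """\
# path        client(options) ...
/home         trusted1.host.com(rw) trusted2.host.com(rw)
/pub          *(ro)
/scratch
/data         (rw)
/srv/build    192.168.10.0/24(rw) \\
              *.lab.example(ro)
/everyone     0.0.0.0/0(rw,no_root_squash)
"""

# Client specs that match every host on the network.
WORLD_CLIENTS = {"", "*", "0.0.0.0/0", "::/0"}
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def logical_lines(text):
    """Join backslash-continued lines, strip comments, and drop blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def unrestricted_exports(text):
    """Return (path, client, options) for each export open to any host."""
    findings = []
    for line in logical_lines(text):
        path, *clients = line.split()
        # A path with no client list is exported to everyone.
        for spec in clients or [""]:
            m = CLIENT_RE.match(spec)
            if not m:
                continue  # malformed spec: leave it for exportfs to reject
            host, opts = m.group(1), (m.group(2) or "")
            if host in WORLD_CLIENTS:
                findings.append((path, host or "<any>", opts))
    return findings


if __name__ == "__main__":
    for path, host, opts in unrestricted_exports(SAMPLE_EXPORTS):
        print(f"Warning! {path} exported to {host} ({opts or 'default options'})")
```

Entries limited to named hosts, a subnet or a domain wildcard pass; a bare path, an empty client, `*` and an all-addresses network are reported.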


